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READER 



@ Means for identHieation and exchange of encryption keys. 



@ The invention relates to a means for identifi- 
cation and exchange of encryption keys be- 
tween communicating apparatuses for 
encrypted transmissions. The means comprises 
a card reader for smart cards connected to the 
communication apparatus which may t>e a tele- 
communication apparatus, e.g. of telephone or 
facsimile type. The reader can communicatB 
with another reader at a called telecommuni- 
cation apparatus. For identification and 
exchange erf encryption keys the required cal- 
oulatkxis are performed by the reader or the 
smart card using data stored on the smart card 
in a protected fieM with limited access. The 
means enable int ercom m unication t>etween 
products of different makes owing to a standard 
IdentiTication procedure and exchange of en- 
cryption keys. 
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FIELD OF THE INVENTION 

The present invention relates to means for iden- 
tification and exchange of encryption keys between 
two conrununlcating apparatuses for encrypted trans- ' s 
missions, comprising readers connected to the com- 
munication apparatuses. Each reader contains a 
reader unit which together with software is capable of 
handling smart cards. The reader can communicate 
with another reader in the other communication ap- 10 
paratus. The means includes a bult-ln keyboard for 
inputting of data. 

STATE OF THE ART 

IS 

Existing products for encryption, facsimile appa- 
ratuses, telephone, etc., often follow standards with 
respect to communication and algorithms, but ex- 
clude intercommunicatton t>etween two products of 
different makes. A cheap accessory for these and 20 
new products would enable different makes to inter- 
communicate through a standard identification pro- 
cedure and exchange of encryption keys. In addition, 
modern smart cards may be used in the procedures 
enabling strong algorithms and enhanced security. 25 

SUMMARY OF THE INVENTION 

The present invention provides a means for kien- 
tif ication and exchange of encryptton keys t>etween 30 
two Gomnminicating apparatuses for encrypted trans- 
missions. According to the inventfon a reader for 
smart cards is connected to each communication ap- 
paratus. The required calculations are performed by 
the reader or the smart card using data stored on the 36 
smart card in a proctected field with limited access. 

Preforably the cormnunication apparatus is a feo- 
simile apparatus or a telephone. 

Further emt>odiments of the inventfon are set 
forth In detail in the accompanying claims. 40 

BRIEF DESCRIPTION OF THE Df^WINGS 

The invention will now be described in detail with 
reference to the accompanying dramngs in which the 45 
figure is a block diagram of the means according to 
the inventfon connected in a network. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS OF THE INVENTION so 

In the figure the means according to the inven- 
tion is shown connected In a network, e.g. a telecom- 
munication system. Between the external apparatus- 
es exist encrypted traffic. The external apparatuses 55 
may t>e telephone orfacsimile apparatuses. For klen- 
tlf ication and exchange of encryption keys two card 
readera are used communicating with each other. As 
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a basis for the identif teatfon two smart cards are used 
which means that the identif icatk>n is performed by 
the card (and its owner) and that the rsader as such 
does not contain anything confidential. 

The reader may be connectad in paraHell with a 
telephone to an ordinary telephone jack via a stan- 
dard intermediate plug (not shown). The reader con- 
tains a reader unit that, together with software func- 
tions, is capable of handling smart cards. The reader 
can communicate through dual-tone multifrequency 
(DTMF) signalling or using a modem. In addltk)n, it 
has a built-in keyboard for data input The control of 
the reader is performed through anyone of the two 
communicatk>n channels available, using DTMF sig- 
nalling or modem. 

It is also possible to Inteigrats the teleoommunl- 
catton apparatus and the card reader Into a unit In 
this case the unit has a single keyboard and a slot for 
inserting the sntart card. 

The reader is controlled by a central unit It is an 
eight bit central processing unit built for maximal Inte- 
gration of the function of the card reader directly In 
the central unit The central unit Is made with CMOS 
technology warranting a low current consumpt kin. In- 
ternally there is random excess memory RAM having 
256 bytes which is sufficient for the fimcttons to be 
performed by the reader. The machine code may be 
stored in a programmable read-only memory PROM 
or mask programmed directly in the central unit to 
minimize the current consumption and the price. 

The card reader is equipped with a t>uit-in key- 
board containing 12 keys: the digits 0-9 and the char- 
actere * and #. The appearance corresponds to key- 
boards of ordinary teiephone& The keyboard ie con- 
nected directly to the central unit eliminating the risk 
of leakage of input information. 

The reader unit as such is intended for mounting 
directly on the circuit board which is Important to min- 
imize the overall size and price of the oonstructton. 
The reader unit is adapted for handling all smart cards 
in the market The reader unit is totally passhre and 
is only a link between the card and the central unit 
Via the reader unit the central unit can communkate 
with the card and assist with current supply and 
dock. Various supply voltages and ctock frequencies 
are supplied to the card in dependence of which card 
is connected. 

The basic communication is achieved using 
DTMF signalling. The reader is provided with both 
DTMF transmitter and receiver. The transfer rate is 
normally 10 charactere (10x4 bits) per second. The 
DTMF receWer is connected In parallel with the ordi- 
nary telecbmmunicatk>n traffic which means that it 
can receive data both from the user's telephone and 
from the telecommunicatk>n network. 

Since DTMF signalling sets large limltattons in 
the amount of data which can be transferred the read- 
er is also equipped with a built-in modem. The modem 
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can handle oommunlcation aooording to CCITT V.21 
and V.23, resulting in a transfer rate ranging to 1200 
bps. This provides a greater flexibility with respect to 
the functions to t>e performed by the reader. 

The reader is also fitted with a nunnber of light- 
emitting diodes (LED) in various colours, the func- 
tions of which will be described below. 

The reader Is constructed from low current con- 
sumption components but the most current consum- 
ing component is the smart card. Since various cards 
will be used no exact current consumption can be cal- 
culated. Additionally, the cards consume more cur- 
rent when they are written so that the current con- 
sumption varies with time. The current supply is pro- 
vided by a battery or a battery eliminator. With a 9 V 
alkaline K>attery a continuous operation of the reader 
of approximately 3-4 hours Is achieved. One of the 
above-mentioned light-emitting diodes indicates tow 
battery voltage and need for change of t>attery. 

When a card is inserted into the reading unit of 
the reader the reader is started autDmatically. When 
the card is pulled out the reader Is switched off. Since 
smart cards are depedent of current supply from the 
reader they will return to idle position when pulled out 
of the reader unit When the reader is started by in- 
serting a card in the reader unit a yellow light-emitting 
diode is lighted. The reader tests the card to Identify 
the type of smart card being used, if a card is accept- 
ed the yellow LED is switched off and the reader is 
ready for use. This means that the reader proceeds 
to listen for DTMF signals sent from the called system. 
If the reader does not recognize the card as anyone 
of the accepted types the card is of an unknown type 
or turned the wrong way. Then a red LED is lighted 
and the reader waits for the card to being pulled out 
All calls to the reader wil then only give an error mes- 
sage as response. 

Using the keyt>oard the user can input data local- 
ly to the reader. The inputted information may then t>e 
used as data for a command to the card. The most 
common type of inputted informatbn is a personal 
code which is to be tested in the card* but can also t>e 
another type of data, e.g. information to t>e encrypt- 
ed. None of the operations on the keyboard will be 
sent in dear text on the telephone line. The reader ac- 
cepts input from the keyboard after a command from 
the called system. When this is about to happen a 
green LED is lighted to indicate that the data is to be 
input The input is terminated with V and the green 
LED is switched off. When the LED is switched off no 
manipulations on the keyboard will either be stored or 
sent on the line. 

In a connected mode the reader listens continu- 
ously on the data in the form of DTMF signals or via 
the nrKxlem being sent from the called system. When 
a start character is detected the reader perceh/es this 
as a start of a command. The telecommunicatton ap- 
paratus is then disconnected from the line and the 



reader goes to a command mode. The reader now col- 
lects all data through the signal "#* indicating end of 
command. If there is a delay of more than one second 
between the various character the command is oon- 

5 sMered lost and the reader returns to search for the 
start character. When the whole command is received 
it wfli be decoded and performed. After the command 
is performed the reader always sends t>ack a re- 
sponse. Thereafterthe telephone is again connected 

10 to the line and the reader returns to listening. How- 
ever, when the modem is connected the user wil al- 
ways be disconnected from the line. From the mo- 
ment the reader has detected the start character until 
the reader has sent the whole response the yellow 

IS LED will be lighted. 

The reader always t>egins in DTMF nxxle, Le. tt 
listens for DTMF signals from the called system. By 
means of a command it is possible to change commu- 
nication channel and instead connect the modem. 

20 Thus, there is a number of various operation modes: 
DTMF signalling and signalling with a modem with va- 
rious transfer rates. The operation mode of the mo- 
dem can be changed during ongoing modem traffic tjy 
means of a new command on the modem line. This 

25 enat>les e.g. a change between 1 200/75 bps as trans- 
missk>n rate. The response to the command wll al- 
ways t>e issued on the communicatton channel on 
which the command was sent DTMF or modem. The 
change of communication channel or operation nrKxle 

30 of the modem will not occur until after the .response 
has k>een transmitted. 

By sending a command the reader can be re- 
quested to accept data from the user via the key- 
board. The green LED is lighted to indicate that input 

35 is to be performed on the key-t>oard. The input is ter- 
minated by the user depressing the character #. The 
green LED is switched off when the input is terminat- 
ed. The user has maximally 30 seconds to input data. 
If the input is not terminated within this time period In- 

40 stead an error code is returned. This command is nor- 
mally used to accept the personal code which is to be 
used for opening the card connected. 

A command may be sent directly to the card con- 
nected. The reader awaits a response from the card 

45 and then returns it The reader waits maximally 30 
seconds for a response. After this time perkxj instead 
an error code is returned. The reader only investi- 
gates the length of the command as a oontroll that 
suff teient data has been transmitted. Besktes this no 

so check of the command is performed. It is the task of 
the calling system to see to it that the command fol- 
lows the specif icatk)n of the connected card. 

If data has t>een Inputted from the keyboard this 
may be sent to the connected card using a special 

55 command. The input data is stored in a buffer of the 
keyboard and is transmitted together with the con>- 
mand to the card. Also in this case only the length of 
the data is checked In the keyboard buffer. The soft- 

3 
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ware of the card reader is designed so that two read* 
ers can communicate with each other, and the reader 
is provided with a serial port This serial port is used 
to deliver the result of the identification and the ex- 
change of encryption iceys to the external unit In s 
other words, the reader is not used to perform the en- 
cryption as such but only for the exchange of keys. 

The means should t>e capable of performing 
identification of both parties in a communication and 
should additionally genersate encryption keys ex- to 
changed between the systems. Identities and en- 
cryption keys are then delivered to the external ap- 
paratus for use. The external apparatus communi- 
cates with the card reader via an ordinary asynchron- 
ous serial port The card reader is oontrolied via this is 
interface to perform klentif Ication. The Mentity and 
the encryption key are also delivered here. The klen- 
tity of the user (the apparatus) is stored In smart card. 
This card Is protected by a password which Is de- 
clared using the keyboard of the card reader. The 20 
card is also used In calculating and testing the Men- 
tity. 

Every user gets a pair of keys, one open and one 
secret key in accordance with RSA (Rivest-Shanvr- 
Adleman). These keys are then used for klentif ication 25 
and exchange of keys. According to RSA the keys are 
preferably chosen In the ntanner l^elow. 

Every user selects himself two large prime num- 
bers p and q and calculates n"pq. From the range 
[max(p,q) -i- 1,n - 1] a new number d is chosen and so 
thereafter the numt>er e is calculated. These two new 
numbers are to t>e used together with n in encryptkm 
and decryption, d should be a prince numt>er and is 
selected according to certain criteria, wherein the se- 
lection has an importance for the strength of the al- 36 
gorithm. e is calculated as e=inv(d,0(n)t) (t^tient 
functk>n). d and e then gives the two functions M^c^ 
mod n and C=M« mod n, where M is a plain message 
and C is the encrypted correspondence thereof. To- 
gether this means M s Qd itkxI n » (M* mod n}^ mod 40 
n s M«d nKMj n = ^. s M, l.e. the two functk^ns are in- 
verses of each other. This means that one key (func- 
tion) for encryption and another for decryptk>n are 
used. This is usually called asymmetric encryption. 

The atxyve two functtons may be denoted as 4S 
OE(M) and M-D(C), where E and D are the indhdd- 
ual users encrypton and decryptfon transformatk>ns, 
respectively (or vice versa). E may be handed out 
while D must be kept secret Both these transforma- 
tions (keys) are stored in the smart card of the user, so 
Addittonally, D is stored In a way which excludes 
copying. 

in addition, two system constants, a and q. are 
stored on the smart card, a is a random number and 
q is a strong prime number (q = 2p 1- 1, where p Is a ss 
prime number). These two constants are used in cal- 
culating the key <rf t he secondary encryptk>n (see be- 
low). 



Every user has a card reader certificate, a digital 
identification. This certificate consists of four text 
fields, separated by semicolons. The entire certifi- 
cate is stored on the user's smart card. Thefourf ields 
are: 

Identity: A string of any length consisting of al- 
pha-numeric characters. 

Public RSAkey: This Is in turn two fields, e and 
n (as mentioned above). These two fields are stored 
as long hexadecimal numbers, separated by a conv 
ma. 

Validity date of certif fcate: This Is a text flekl 
with the form yyyy-rrm-dd. 

A signature of the above: A hexadecimal num- 
ber calculated as shown t>elow. 

Auser's certificate is signed at a certification au- 
thority possessing two own transformatfons and 
Es, as shown at>ove. E, is generally known and re- 
skles In our case in the user's smart card. is ex- 
tremely secret since D, Is used to generate signa- 
tures for all cards. If someone other than the authority 
would use D, the whcHe reliability of the IdentlficatkMi 
is lost Therefore, D. Is stored in a special smart card 
and Is protected by a password. D, can never be read, 
but can only be used by the proprietor of the pass- 
word. This protection is today the best allowed by 
technology. 

A user, e.g. A, registers with the authorify and re- 
ceives a signature Sa^'D, (MD(the user's certificate)). 
MD is a "Message Digest* function compressing the 
field in the certificate (exckjding the signature field) 
to a short numt>er. This fimctfon Is used to limit the 
calculatk^n need of long (heavy) numk>er8. The signa- 
ture receh^ed can then k>e vertfled by everyt>ody 
knowing E. and is a proof of authenticity for the user's 
identity and public key. The signature is stored In the 
user's smart card together with the rest of the certif- 
icate. 

When the user A contacts user B they start with 
exchanging the respective Identities, public keys as 
well as their signatures (certificates). Then A tests 
whether B and Eb t>elong togeth^- l>y testing the sig- 
nature Sb, i.e. if ES (Sb)'==MD (B's certif teate). B does 
the same thing. In this way it is possik>le to learn If the 
claimed Identity and the public key befong together. 

A and B then select a random number each which 
Is transmitted in plain text The opposite party en- 
crypts this using Its secret key, i.e. X=D(F^. where R 
is the random number and X is the result The result 
of the encryptbn is then re-transmitted, and the re- 
spective reader decrypts this with the put>iic key of 
the other reader which was in the transmitted certif- 
icate. If the random numt>er reappears after the de- 
cryptfon, one of the readers knows that the other 
reader is the proprietor of the public key, whtoh was 
in the certificate. Since the certificate has been prov- 
en to belong to the alleged kJent'ity also the identity 
has now t>een verified. 
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The last step is exchanging the encryption Iceys. 
Each user generates a random number X and calcu- 
lates Y=E^ mode q. a and q are two system constants 
and they ate stored on the smart card. These Ys are 
exchanged between the readers, and reader A now s 
calculates K=YB^mod q=(aXB)^mod qsa^WAmod 
q. If B treats Ya in the corresponding way both A and 
B will now share the common key K. This key is then 
used for encryption in a seoondcry encryptton. Since 
both parties have been invdved in generating the key io 
a disdosure of the keys of one party will not disdose 
K. in addltton, by varying X for each sesston. two aes- 
stons will never have the same key. 

The various public keys should be readily aval- 
able to all needing, e.g. to test a signature e.g. in a di- is 
rectory. 

Aproblem with directories is the protection cfthe 
contents of the directory. If someone is able to manip- 
ulate the public key and mislead those who utilize the 
dtectory to use the wrong key, this someone can act 20 
as If he was someone else. e.g. mask himself. It is 
possible to protect the directory from this by the di- 
rectory being physically and logically protected 
against manipulation. A secure communicatkm chan- 
nel directory then provMes an adequate protection 26 
against most Invaders. 

However, a more elegant way is that the informa- 
tion in the directory in turn is signed by means of a 
digital signature. This is achieved by the individual re- 
cords t>eing signed by a certification authority, which so 
can be viewed in the same way as the authorities is- 
suing ordinary identifications who in feet warrant the 
authentidty of the kSentification. This authority 
should be responsible for the security of the system. 

The above description of the directory functton 3S 
works excellently e.g. in a computer network or In 
other environments where the oommunicatk>n is 
readily established. However, in many situattons this 
is not possible. If e.g. two facsimile apparatuses are 
about to Mentify each other they must have direct ao- 40 
cess to the publk: keys of each other. One way to 
solve this is that the various systems have the key di- 
rectories stored k>cally in a safe manner (e.g. in a 
smart card). The requirements on storage capacity 
may however be too large, but above all a problem 4S 
arises when a new system comes into existence or 
when some system changes key/identity. Then every 
local directory has to be updated which can be a time- 
consuming procedure. In addition, there can t>e an in- 
terest in two systems being able to communicate with so 
each other without previous contact it should be suf- 
ficient that both are approved by a common certifica- 
tion authority for oommunicatton with each other. 

The easiest way to solve this is letting the system 
exchanging their respective klentities and the public 55 
keys with each other, signed by the comnwn author- 
ity. Using this signature the various systems can 
check the authenticity of the identity of the others 
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and the public key, without either previous or immedi- 
ate contact with a thM party. The importent thing 
here is the possibility of a safe identiftoation. As no 
third party is involved in the identifk:ation moment 
the identification procedure must t>e able to esteblish 
the klentity with a 100 percent certeinty of botif par- 
ties. Every "masquerade" attempt should be made 
impossible. 

All types of smart cards offer the possibility of 
protecting date fields using a personal code. These 
date fields may only be used by the proper user, the 
smart card not allowing access to these fields without 
the user having presented the right code. By protect- 
ing the key of the user's secret transformation in a 
public key system in such a date field, it is possible 
to presume with high reliability the authenticity of 
messages calculated using this transformatton. 

The problems associated with the above are 
mainly two. Partly, the equipment reading the key 
from the card or later handling it should not be able 
to be manipulated. In addltton, this equipment must 
have the calculation capacity requbBd for calculate 
exponents and dlvlsk>ns (modulo) of long numbers in 
an accepteUe time. The first problem can be handled 
by the equipment t>elng niade secura or at least pro- 
tected by the user in the same way as he/she protects 
his/her card. As the personal codes of the card often 
are handled in dear text Inside this equipment this is 
another problem which has to be addressed. The cal- 
culation capacity may however t>e en even bigger 
problem, since the protectton of the equipment only 
can be guaranteed relatively doae to the card (In the 
card reader), where the calculatkin capacity often is 
limited. 

One way to solve both problems ainmjiteneously 
is to let the card as such take cars of t>oth the protec- 
tion of the key and the calculations. This is faioeas- 
ingly more common and today existe in at least two 
types of smart cards. However, dependent on the 
choice of kJenttf icatton method, other requirements 
may be put on the smart card. 

To perform an klentificatton and exchange of 
keys at least five calculations of the type a* mod p are 
required. All five calculations are of the same type. In 
additfon. this algorithm Is built-in in at least two differ- 
ent commercially available smart cards. However, the 
cards differ as to the abiity of calculating with gener- 
ally selected a, x and p. The mo^ comnrion RSA cal- 
culation is the one with the secret key (D), in which 
case a is d and p is n. In our case, this Is only one of 
the f ive calculations. In the other cases both x and b 
are totelly different numt>ers. 

Since the card reader is programmed to accept 
certein cards it is able to choose different methods of 
securing the identification. 

In the most preferred embodiment of the inven- 
tton the smart card calculates everything. In this type 
of card the secret part of the RSA key (e) Is stored 
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safely, in addition, the modulo variable n is stored 
permanently on the caid, so that the card efficiently 
can perform a* mode n (EK) as mentioned above). Ad- 
ditionally, the card can be supplied with general argu- 
ments for the RSA algorithm. Since the card is espe- s 
cially designed for calculating with RSA this is the 
fastest method seen overall. One can assume that 
one calculation takes maximally one second and, 
thus, the whole phase of identification and exchange 
of encryption keys (overhead excluded) will take io 
maximally five seconds. 

If the card is not capable of calculating using gen- 
eral argunnents for the RSA algorithm the reader has 
to use Its built-in algorithm for calculating everything 
else than EK). This means no deterioration to the se- is 
curity. since precisely EK) is the only thing critical 
from the security point of view. However, this means 
a reduced eff k:iency. An RSA calculation in the card 
reader takes approximately ten seconds. Since three 
of the five calculattons in this case has to be per- 20 
formed by the reader the whole procedure will take 
approximately 35 seconds. 

If the card Is not capable of calculating with RSA 
at all the reader must take care of all the calcuiatkms. 
The variables (n and p) normally stored permanently 25 
in the card are read as data stored on the card in this 
method. The reader reads these variables from the 
card in calculating EK). This means a substantial de- 
terioratmn of the security, since the identity of the 
card can be manipulated in this way. The card and the 30 
data thereof are however still protected by the pass- 
word of the card. This is also the least eff fcient meth- 
od. The total procedure for identifbatkm and ex- 
change of encryptk>n key takes approximately 50 
seconds, which is mperienced as annoytngly slow. 35 
The advantage is that any smart card can be used in 
this method. 

For the reader to be able to be used it has to be 
activated by inserting one's smart card in the reader. 
Using the keyboard the password is then inputted to 40 
the card, which is opened. Thereafter the reader is 
ready to receive oonunands through the serial port or 
as DTMF signals on the telephone line. If a command 
enters through the serial port the reader wOl take the 
initiative for klentif ication of the other reader. A corrv 4S 
mand from the telephone line is the result of an initia- 
tive of the other reader. 

The card reader is provided with a serial port 
This serial port may be very simple and is capable of 
transmitting and receiving data in 9600 bps asynchro- so 
nously, 8 data bits, no parity. 

The apparatus controls the reader to perform 
kJentification and generation of encryption keys. 
Since tx>th operations occur simultaneously there is 
only one command for the apparatus to the reader. 55 
The reader transmits a status message to the appa- 
ratus simultaneously with the communication with 
the opposite reader and. after the identification and 

6 



generation of encryption key, also the result 

Between the two readers communicatton is ac- 
complished by means of DTMF signaHing and modem 
transmission. The DTMF signalling is used to gener- 
ate the initial contact The reader that takes the ini- 
tiathfe transmits the DTMF sequence "A66r. The 
other reader responds with the sequence "Beer, 
whereupon both readers are switched over to modem 
communicatk>n. In modem mode the identificatton 
and exchange of encryption keys will be performed. 
The reader who took the first initiath^ begins with 
transmitting in modem mode. Thereafter, the readers 
are communicating altemath^ely with each other, un- 
til the entire procedure is performed. 



Claims 

1 . Means for identification and exchange of encryp- 
. tion keys t>etween two comrrujnicating appara- 
tuses for encrypted transmlssk>ns, characterized 
in that a reader for smart cards is connected to 
each oommunicatton apparatus, the required cal- 
culations being performed by the reader or the 
smart card using data stored on the smart card 
in a protected field with limited access. 

2. Means according to daim 1. characterised in 
that all the calculations are performed by the 
emart card. 

3. Means according to daim 1 or 2, characterized 
in that the reader is connected to the communi- 
cation apparatus via an asynchronous serial port 

4. Means according to daim 3, charaderiied in 
that the communication apparatus is a fecsimile 
apparatus or a telephone set 

5. Means according to any one of the preceding 
claims, characterized in thatthe communteatton 
between the readers is achieved by means of 
dual-tone muhtifrequency signalling and/or mo- 
dem communication. 

6. Means according to any one of the preceding 
claims, characterized in that the card reader is 
connected to the telecommunicatfon system in 
paraitel with the telephone set, preferably by 
means of an intermediate plug. 

7. Means according to any one of the preceding 
dainns, characterized in that the card reader is 
integrated with the telephone set provkled with a 
slot for inserting the card. 

8. Means according to any one of the preceding 
claims, characterized in that bidirectional com- 
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munication in several steps occurs between the 
conrvnunication apparatuses. 
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